Upgraded Q -> 2 from #18 [1677668571999]

c4-judge commented 1 year ago

Judge has assessed an item in Issue #18 as 2 risk. The relevant finding follows:

[L-01] changePayees can result in broken share count Description for (uint256 i; i < newPayees.length; i++) { if (newPayees[i] == address(0)) { revert Errors.CANNOT_SET_TO_ADDRESS_ZERO(); } if (newShares[i] == 0) { revert Errors.SHARE_CANNOT_BE_ZERO(); }

    address payee = newPayees[i];
    _payees.add(payee);
    _shares[payee] = newShares[i];
    _totalShares += newShares[i];

    emit PayeeAdded(payee, newShares[i]);
}

When adding the newPayees to the payees set the contract fails to validate that each address in newPayees is unique. The results is that _totalShares will be incorrect if there is a repeat in newPayees.

Example: Assume newPayees = [Bob,Bob] and newShares = [5,5]. Since _payees.add(payee) is a non-reverting add, if the address already exists in the set it won't revert. The end result is that _totalShares == 10 but _shares[Bob] == 5. This mismatch causes incorrect distribution of rewards.

c4-judge commented 1 year ago

GalloDaSballo marked the issue as duplicate of #13

c4-judge commented 1 year ago

GalloDaSballo marked the issue as satisfactory

code-423n4 / 2023-02-kuma-findings

Upgraded Q -> 2 from #18 [1677668571999] #36